Documentation License: Licensed under the Creative Commons Share Alike 4.0 license.
Code License: Licensed under the Apache 2.0 and MITnoAttr License.
© 2020 Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at https://aws.amazon.com/apache2.0/ or in the license accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Level 300: IAM Permission Boundaries Delegating Role Creation

Knowledge Check

The security best practices followed in this lab are:

- Manage credentials and authentication: Use of MFA for access to provide additional access control.
- Grant access through roles or federation: Roles with associated policies have been used to define appropriate permission boundaries.
- Grant least privileges: The roles are scoped with minimum privileges to accomplish the task.
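The three practices above can be checked mechanically on a policy that delegates role creation. The following is an added example, not the lab's own code: the sample policy, account ID, role prefix and boundary ARN are constructed placeholders, and checking for MFA in the permissions policy (rather than in a role trust policy) is an assumption of this sketch.

```python
from fnmatch import fnmatchcase

# Constructed sample policy, not the lab's: account ID, names and ARNs are placeholders.
BOUNDARY_ARN = "arn:aws:iam::111122223333:policy/example-boundary"
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DelegatedRoleAdmin", "Effect": "Allow",
     "Action": ["iam:CreateRole", "iam:AttachRolePolicy"],
     "Resource": "arn:aws:iam::111122223333:role/app-*",
     "Condition": {"StringEquals": {"iam:PermissionsBoundary": BOUNDARY_ARN},
                   "Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "iam:*", "Resource": "*"},
]}

# IAM actions that create a role or change what it can do (lowercased for matching).
ROLE_WRITE = ("iam:createrole", "iam:attachrolepolicy", "iam:putrolepolicy",
              "iam:putrolepermissionsboundary", "iam:deleterolepermissionsboundary")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition(stmt, key):
    """Return (operator, values) for a condition key, or (None, []) if absent."""
    for operator, keys in stmt.get("Condition", {}).items():
        for name, value in keys.items():
            if name.lower() == key.lower():
                return operator, [str(v).lower() for v in _as_list(value)]
    return None, []

def audit(policy, boundary_arn):
    """Return (Sid, finding) pairs for Allow statements that break the three practices."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((sid, "service-wide wildcard action"))
        # IAM action wildcards (* and ?) are matched here with fnmatch semantics.
        if any(fnmatchcase(w, a) for w in ROLE_WRITE for a in actions):
            op, vals = _condition(stmt, "iam:PermissionsBoundary")
            if op not in ("StringEquals", "ArnEquals") or vals != [boundary_arn.lower()]:
                findings.append((sid, "role change not tied to the permissions boundary"))
            op, vals = _condition(stmt, "aws:MultiFactorAuthPresent")
            if op != "Bool" or vals != ["true"]:
                findings.append((sid, "no MFA condition"))
    return findings

if __name__ == "__main__":
    for sid, finding in audit(SAMPLE_POLICY, BOUNDARY_ARN):
        print(f"{sid}: {finding}")
```

The check only reads `Action` and `Condition`; statements using `NotAction` or policy variables would need the IAM policy simulator or Access Analyzer for an authoritative answer.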